User:Mrfaber/X1C6 Arch Guide

Topics TODO

• Full disk encryption with LUKS and systemd-askpass
• Custom initramfs(needed modules/hooks, pros and cons for a minimal initrd, speed measurements)
• Power management, graphics performance, TLP
• Touchpad, trackpoint config, including udev hwdb, smooth scrolling for apps(Firefox)
• Controlling LEDs
• NetworkManager privacy functions, choosing DNS resolver, configuring systemd-resolved, DNS over TLS
• Pacman hooks for kernel updates
• Secure Boot, Keytool, sbsign
• Boot performance tweaks
• Optimal UEFI configuration
• Custom UEFI logo at boot, preparing and flashing UEFI updates to USB flash disks
• Setting up fwupd/LVFS
• Using EFISTUB, setting efivars via efibootmgr, creating a systemd-boot fallback
• Setting early splash screen via fbv instead of plymouth
• thinkpad_acpi and Thinkpad-specific tweaks, charge thresholds
• Setting up sudo
• Configuring systemd, journald, logind autologin
• Configuring ssd optimizations, issuing fstrim regularly
• Setting up gnome-shell, gdm3, gnome-shell extensions
• Setting gnome/gtk options in dconf, gnome-tweak-tool
• Keeping the system with all its components updated
• Keeping configuration files in sync
• System housekeeping (pacman hooks, cleaning caches, trash)
• Automation (benjaminoakes/maid, ansible)
• Backups (borg, important key files, LUKS headers)

Extra

TPM

• Using TPM 2.0 As a Secure Keystore on your Laptop - It's not as difficult as you think!
• tpm-luks LUKS support for storing keys in TPM NVRAM
• mkinitcpio-tpm-encrypt mkinitcpio hook that decrypts a TPM-sealed LUKS keyfile
• IBM Software TPM 2.0, Software TSS
• mkinitcpio-antievilmaid This mkinitcpio hook allows for Anti Evil Maid support for devices with a TPM on Arch Linux[...] (Uses trousers/TPM 1.2)

Secure boot

• sbtools Helpers for generating signed Arch Linux kernels for Secure Boot. And pacman hook for auto-generation.